General

  • Target: 9d9849b524012665ec0676be4eb85efcd6d51bf1dd4a68c13f364f6e74c4bc60
  • Size: 710KB
  • Sample: 230102-yz9cnsga78
  • MD5: 17340dc0d27f737fa1570d4fa9bfb4a3
  • SHA1: 4448f7ffc49e12fc9ab3b664ea6951028404df2b
  • SHA256: c85b45e73fc8012f9324dac4a72486dd361e1d8986f7fd1276990281ecbbd5eb
  • SHA512: 5e95983b19a9514b183ea62128a3599e85a1a448d2ff6ae450096b2758003ddc8dff0f160c3b8a14ed76bdf82ce1675d3c3508e256c289cb435157117bd5fbbd
  • SSDEEP: 12288:RUgv1n/T8n9MO6FAilZpyoAFp2eGXZD6oiy/S+plRu5whoVVLdQGSg8AUFJ3RKPT:RUWx789MailZpyF21FiyKWewWVVLfH42

Malware Config

Targets

    • Target: 9d9849b524012665ec0676be4eb85efcd6d51bf1dd4a68c13f364f6e74c4bc60
    • Size: 1.7MB
    • MD5: 0420e95d5538d17cfec8d37c65ad5317
    • SHA1: f4f692c8e0a01a93e0d8bc3a786a88e34e6c5be1
    • SHA256: 9d9849b524012665ec0676be4eb85efcd6d51bf1dd4a68c13f364f6e74c4bc60
    • SHA512: 71a72f8c0151a0204ebc37f31ad5da1f3b1c6363f290d7ee128764930b9ed857c4ef6b0d4cd40186be56acc2e7aadc66e7535be08cce06a230535f052636cbc2
    • SSDEEP: 24576:j4Eun37h53AbtuNw6z1Vjf51eKKlkOuUGkEvDvO4xn:tuetKjxFsGkEl

    Signatures:

    • Detects LgoogLoader payload
    • LgoogLoader: a downloader capable of dropping and executing other malware families.
    • Sets service image path in registry
    • Uses the VBS compiler for execution
    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks